MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.
CWE-79
CVE-2018-20490
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
CVE-2018-20491
An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
CVE-2018-20496
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
CVE-2018-20503
Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.
CVE-2018-20448
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.